Skip to content

Stage Dependabot auto-merge smoke test#123

Merged
qqrm merged 1 commit into
devfrom
codex/test-dependabot-automerge
May 11, 2026
Merged

Stage Dependabot auto-merge smoke test#123
qqrm merged 1 commit into
devfrom
codex/test-dependabot-automerge

Conversation

@qqrm

@qqrm qqrm commented May 11, 2026

Copy link
Copy Markdown
Owner

Summary

Intentionally roll the crate-ci/typos action pin back one version and touch dependabot.yml so Dependabot immediately checks for updates after merge.

Problem

The new event-driven Dependabot auto-merge workflow needs a live end-to-end verification path, but waiting for the next weekly GitHub Actions update window would not prove that it reacts promptly.

Solution

Create a controlled, low-risk outdated GitHub Actions dependency on dev and update dependabot.yml with a no-op comment so GitHub immediately runs a Dependabot version update check after the change lands.

Scope

Included: .github/workflows/typos.yml downgrade and a comment-only touch in .github/dependabot.yml.
Not included: any product code changes or cargo dependency churn.

Validation

  • actionlint -color
  • zizmor --min-severity medium .
  • cargo +nightly fmt --check
  • cargo +nightly clippy --all-targets --all-features -- -D warnings
  • cargo +nightly build --features debug-tracing
  • cargo +nightly test --locked

Risks

This deliberately introduces a short-lived stale GitHub Actions pin into dev until Dependabot raises the follow-up PR and the auto-merge flow closes the loop.

@qqrm qqrm marked this pull request as ready for review May 11, 2026 03:54
@qqrm qqrm merged commit 59bdff6 into dev May 11, 2026
8 checks passed
@qqrm qqrm deleted the codex/test-dependabot-automerge branch May 11, 2026 03:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant